Authenticate
TOTP two-factor or OIDC SSO proves who's knocking. SCIM provisions and deactivates admins straight from your IdP.
OpsIQ is built on one principle: an AI that can write to your business has to ask permission first. Every request is verified, every action contracted, scoped, signed, role-checked and audited. No shortcuts, no surprises, no off-policy operations.
Only the right people get in, and once they're in, every move is on the record. Each admin enables TOTP two-factor (Google Authenticator, 1Password, Authy, any RFC-6238 app); Business and Enterprise add OIDC single sign-on and SCIM auto-provisioning so joiners and leavers flow straight from your IdP. Brute-force attempts are throttled into automatic lockout, and every sign-in, permission and SCIM change is recorded.
TOTP two-factor or OIDC SSO proves who's knocking. SCIM provisions and deactivates admins straight from your IdP.
Owner / admin / support roles plus per-page grants mean each person reaches exactly what their job needs, nothing more.
Every sign-in, permission change and write (human or AI) lands in an append-only log with actor, IP, time and result.
Every request moves through the same security choreography: prove identity, prove authority, sign the path, seal the data. The result is a platform that feels fast without ever becoming casual about access.
TOTP two-factor, OIDC SSO and SCIM joiner/leaver flows verify who is entering before any admin surface opens.
Owner, admin, support and page-level grants keep every teammate inside the exact boundary their role allows.
Webhook traffic and API calls are scoped, HMAC-verified, replay-protected, rate-limited and tied to one workspace.
Every human write, AI action, permission change and security event lands in an append-only audit stream.
Webhook signing key rotation is preserved with actor, role, IP, timestamp, raw parameters hash, result and trace ID.
AI actions, admin changes and webhook deliveries are recorded with actor, IP, action, result and approval state.
HMAC signatures, nonces, timestamps, scoped keys and optional IP allowlists stop forged or replayed traffic early.
Failed-login lockout, IP and CIDR blocking, bot scoring, rate limits and account-takeover signals keep pressure off the core.
Each cloud workspace has its own tenant boundary and its own encryption key. A request from one workspace cannot read, write or decrypt another workspace, even if someone is staring at the raw database.
AES-256 envelope encryption at rest, TLS 1.3 in flight, per-tenant key separation. Secrets sealed: never logged, never re-fetched via API.
TOTP two-factor on every account, OIDC SSO and SCIM on Business+. Owner / admin / support / custom roles with per-action gating.
HMAC-SHA256 over the raw body. Replay protection via timestamp + nonce. Idempotency keys on writes. Per-connector secrets you can rotate live.
OpsIQ's AI cannot invent operations. Every action it can take is a registered contract with declared scope, roles and parameters, and anything off-contract is rejected at the brain layer before it reaches an endpoint. Risky writes always require explicit human confirmation. You choose your model (Anthropic, OpenAI, Gemini, Grok or self-hosted), and your conversations are never used to train models.
A complete control surface for identity, data, edge traffic, AI safety and incident response. Dense enough for a security review, polished enough for the product page.
Honest status: what is live, what is aligned, and what is on the roadmap. No borrowed badges, no certification claims we do not hold.
Know who's knocking, release a locked teammate in one click, and watch the platform guard its own health, every move logged.
OpsIQ doesn't just count bad logins; it tells you what kind of address is hitting you. Each IP is classified as residential, shared, datacenter or internal, then given a 0–100 threat score from bot and takeover signals on the visitor journey. Datacenter ranges hammering your login form look very different from a customer on home broadband, and your lockout thresholds can treat them differently.
When a teammate gets locked out, you release them in one click, with no waiting for a timer. Sweep active failed-login counters in bulk after an incident, search the full failed-login history to investigate, and bulk-delete stale records once it's resolved. Every release, reset and deletion is itself written to the audit log, so the cleanup is as accountable as the breach.
Beyond the perimeter, OpsIQ guards its own integrity. A signed license check keeps the install genuine, built-in health diagnostics surface a live snapshot of the platform's vital signs, and front-end JavaScript errors are captured server-side so a broken release shows up in your dashboard instead of silently failing on a customer's screen.
Every other page on this list captures what happened. The opt-in AI security analyst reads those signals and tells you what they mean, what to do, and (only if you let it) does the reversible part for you. It is built to cost almost nothing: it never runs in the visitor request path, obvious cases are settled by deterministic rules with no AI call, verdicts are cached, and its best output is a plain block rule that then enforces forever at zero tokens.
Deterministic scoring stays the first line of defence, exactly as before. The model is only asked when it actually helps: an ambiguous IP, a fresh incident, the morning digest. Ambiguous entities batch into one call, so a wave of attackers is read together, not one request at a time. Its own monthly budget lives in AI Config, and if it is ever reached the analyst quietly falls back to deterministic reads. Blocking, lockouts and alerts never depend on it.
Blocked IPs and Failed Logins rows get a benign / suspicious / hostile chip with a confidence score. Explain opens the reasoning, the facts used, and one-click Block or Release. Cached, so re-viewing an IP is free.
Related events cluster into one story: a login wave, a URL scan, an auto-block burst. Each new incident gets a plain-English timeline and one recommended next move. Ongoing attacks fold into the same incident.
One recap each morning: yesterday versus your baseline, new blocks, incidents and the single thing worth doing today. On a quiet day it just says all clear, and that check costs zero tokens.
A Monday hardening checklist: admins without 2FA, a lockout threshold that looks generous against your real attack volume, alerts switched off. Each item carries a severity, an effort label and the exact fix.
A question box on the Security Overview. Ask why an IP was blocked or what to harden first, and it answers from your live security state. Deep server work is handed to the admin engineer chat, never guessed.
The analyst proposes concrete block rules as Approve / Dismiss cards that enforce at zero tokens with a live hit counter. Optional autopilot approves only the safest: reversible, time-limited, single IPs or ranges no wider than /24, never shared or mobile, capped per hour, always undoable.
The analyst suggests, clusters and (only with autopilot on) applies reversible blocks. It can never delete data, change settings, touch the audit ledger, or make a permanent ban, and every action it takes is written to the same append-only log as everything else.
Every capability, grouped. ★ marks a stand-out.
| Feature | What it does |
|---|---|
| Authentication | |
| Two-factor (TOTP) | Per-admin RFC-6238 two-factor for Google Authenticator, 1Password, Authy or any compatible app. |
| Single-use recovery codes | Regenerable backup codes so a lost device never locks you out for good. |
| OIDC single sign-on | Bring your own identity provider on Business and Enterprise plans. |
| SCIM provisioning | Automatic admin create and deactivate from your IdP; every change logged. |
| reCAPTCHA on login | Optional bot challenge on the sign-in form to slow automated attacks. |
| Hardening | |
| Failed-login lockout ★ | Rolling failure counters trip an automatic IP lockout once the threshold is crossed. |
| IP & CIDR blocking ★ | Block a single address or a whole range by hand; bans propagate across a session. |
| IP classification ★ NEW | Each address tagged residential, shared, datacenter or internal on every event. |
| Threat scoring | 0–100 bot and account-takeover score; anything ≥50 is highlighted. |
| Rate limiting | Every public endpoint is throttled against brute force and abuse. |
| Authorization | |
| Role-based access control | Owner, admin and support roles so each person sees only what their job needs. |
| Per-page permission grants NEW | Grant or revoke individual admin pages per teammate for fine-grained access. |
| Confirmation policies | Per-action gating that forces an explicit confirm step on sensitive operations. |
| Data protection | |
| Per-tenant isolation ★ | Each cloud workspace has its own key, so no cross-tenant read or write, even with full DB access. |
| AES-256 at rest | Envelope encryption seals every byte stored on disk. |
| TLS 1.3 in transit | Every connection to OpsIQ is encrypted with modern TLS. |
| Secrets outside the web root | Config files and signing keys live where the web tier can never serve them. |
| API security | |
| Signed webhooks ★ | HMAC-SHA256 over the raw body with timestamp and nonce replay protection, both directions. |
| Scoped API keys | Workspace-locked keys in All, Read-only or Restricted permission modes. |
| IP allowlist on keys | Restrict a key to specific IPs or CIDR ranges so a leaked key is still useless elsewhere. |
| Key rotation & revocation | Rotate or revoke any key instantly; secret keys are never returned again after creation. |
| Per-hour rate limits | Each key carries its own request budget to contain abuse. |
| Audit | |
| Append-only audit log ★ | Every human and AI write captured with actor, role, IP, time, action and result, never edited. |
| CSV / JSON export | Hand auditors the whole trail in a portable format. |
| Filtering | Slice the log by action, actor, date or risk to find exactly what you need. |
| Security events | Sign-ins, 2FA, permission and SCIM changes are all recorded as events. |
| Failed-login journey timeline ★ | Every attempt against an account replayed as its own reviewable journey. |
| Lockout & counter monitoring NEW | See every live failed-login counter and active lockout at a glance. |
| Failed-login history search NEW | Search the full history of login attempts to investigate an incident. |
| Incident response | |
| Manual lockout release NEW | Clear a locked admin or IP in one click without waiting for a timer. |
| Bulk counter reset NEW | Sweep all active failed-login counters clear after an incident. |
| Bulk history deletion NEW | Purge resolved failed-login records in bulk; the deletion itself is logged. |
| System protection | |
| License integrity | Signed validation keeps the install genuine and tamper-evident. |
| Health diagnostics NEW | A live snapshot of the platform's vital signs, on demand. |
| JavaScript error capture NEW | Front-end errors are logged server-side instead of silently failing on a customer's screen. |
| AI safety | |
| Action contracts ★ | The AI can only invoke registered operations with declared scope, roles and parameters. |
| No off-contract actions | Unknown operations are rejected at the brain layer before they reach an endpoint. |
| Human approval on risky writes | Sensitive actions always require an explicit human confirmation. |
| 100% AI turns audited ★ | Every AI turn (prompt, response, result and approver) lands in the audit log. |
| No training on your data | Live conversation context only; your data is not used to train models. |
| Compliance & admin | |
| Data residency & retention | Choose your region and set your own retention window; 0 keeps records forever. |
| Owner-only audit access | The full AI history audit log is restricted to the workspace owner. |
| GDPR / CCPA alignment | DPA, DSAR export and delete tooling, and consent enforcement at source. |
| Admin user management NEW | Invite, role, deactivate and audit every admin from one console. |
| Department management NEW | Organise teams into departments with their own access and routing. |
POST /v1/customers/{id}/erase. Audit log entries about the deletion itself are retained for 12 months for compliance review./.well-known/security.txt, disclosure email security@opsiqai.com, acknowledged within one business day, with a public bug-bounty for material findings. We also run an annual third-party pen-test plus continuous internal red-teaming; summary reports are available under NDA.security@opsiqai.com for our current posture letter.